Facebook’s photo bug: How to see if you were exposed

Facebook has, yet again, goofed. On Dec. 14, the company announced that it inadvertently exposed 6.8 million users' photos to third-party apps that weren't supposed to have them. If you granted a third-party app access to your Facebook photos from Sept. 13-25, 2018, the bug allowed it access to all of your photos, not just … Continue reading “Facebook’s photo bug: How to see if you were exposed”

Facebook has, yet again, goofed. On Dec. 14, the company announced that it inadvertently exposed 6.8 million users' photos to third-party apps that weren't supposed to have them.

If you granted a third-party app access to your Facebook photos from Sept. 13-25, 2018, the bug allowed it access to all of your photos, not just those posted on your timeline. This means photos you posted privately, or those you didn't finish uploading, might be there.

Facebook promised that it would send a notification to users who were exposed. However, if you don't want to wait around, you can check for yourself.

If you want to be super thorough, you can check any third-party apps that you may have granted photo permissions to during this time. Or, you can follow these steps as a shortcut.

1. Log into your Facebook account. Open Facebook and type your username and password into the text boxes in the top right corner. Or select, your profile picture on the left.

2. Go to this page in Facebook's Help Center. 

3. Scroll to the middle of the page. If your account was impacted, you'll see a list of apps that may have had inadvertent access to your photos. If your account was not impacted, you'll see a message that says "Your Facebook account has not been affected by this issue and the apps you use did not have access to your other photos."

If Facebook says your photos were impacted, make sure to check the apps it lists and delete any photos that shouldn't be there.

More From Tom’s Guide

  • Here’s the One Gmail Setting You Should Activate Now
  • How to Delete Your Facebook AccountHere’s the One Gmail Setting You Should Activate NowThe Best Free Antivirus Software

    Mysterious Twitter bug linked to ‘unusual activity’ from China and Saudi Arabia

    A mysterious Twitter bug has been linked to suspicious activity from China and Saudi Arabia.

    “We have become aware of an issue related to one of our support forms, which is used by account holders to contact Twitter about issues with their account,” explained Twitter, in a statement released Monday.

    The bug could be used to discover the country code of people’s phone numbers if they had one associated with their Twitter account, as well as whether or not their account had been locked by Twitter.


    Twitter began working to deal with the bug on Nov. 15 and fixed it the following day. However, the company’s investigation into the mysterious issue has led to China and Saudi Arabia.

    “We observed a large number of inquiries coming from individual IP addresses located in China and Saudi Arabia,” it said. “While we cannot confirm intent or attribution for certain, it is possible that some of these IP addresses may have ties to state-sponsored actors.”

    The issue did not expose full phone numbers or users’ other personal data, according to the San Francisco-based firm.


    The hack has prompted speculation that the bug may have been used to target dissidents.

    Fox News has reached out to Chinese and Saudi authorities with a request for comment on the mysterious bug.

    Twitter revealed the bug on the same day that two separate reports revealed the bewildering scale of Russia’s social media campaign to sow discord in the U.S.

    In October Twitter also released an archive of more than 10 million tweets originating in Russia and Iran, which it says demonstrates efforts to spark friction in America.

    Fox News’ Christopher Carbone contributed to this article.

    Follow James Rogers on Twitter @jamesjrogers

    Here’s how to block robocalls on iPhone and Android

    Unwanted calls are often harmless but some are after your credit card information, IDs or passwords. All are a distraction and a waste of your time.

    Robocallers have gotten more devious by masking their calls with phone numbers that use the first three or first six digits of your phone number.

    But the scams are old. They pretend to be major banks, big tech companies, or government organizations like the IRS.


    Whatever the scam, here are several ways to stop unwanted calls on your smartphone – and one way to stop them cold.

    Manually: if you don’t get a lot of unwanted calls, you can block calls one at a time. On the iPhone you do this by selecting “Phone” then tapping the information icon (the encircled lowercase “i”), and selecting “Block this Caller.” On Android, it’s similar, you tap on the caller’s name, then long-press the number and tap “Block/report spam” (note that this procedure can vary slightly from device to device on Android).

    Blocking calls manually, however, is usually futile because scammers and spammers are constantly changing their numbers, usually on a daily basis.

    Use an app: there are lots of apps that take on telemarketers and suspicious calls, some are better at blocking calls before they get through than others. AT&T and Verizon, as with other carriers, offer apps that let you block calls by identifying likely fraudsters. To identify a suspicious call, numbers are run against a massive list of robocallers that is updated daily.

    For instance, the basic setup of the Verizon Caller Name ID app ($2.99 per month per line) is like any call blocker app on the iPhone. After installing the app, under the iPhone’s Settings you tap on “Phone,” then “Call Blocking & Identification,” then toggle on the Verizon “Caller Name ID” app.

    If you want to take this a step further, the Verizon app will also try to block suspicious calls and send them to voicemail. This requires going into the Verizon app and tapping “Block” then “Spam filter on” then setting a risk level.

    For Android devices, you open the Verizon Caller Name ID app, tap “Block management,” tap “Spam filter”, then toggle the feature on and select the risk level.


    AT&T has its Mobile Security & Call Protect Plus ($3.99 per month) service that has Automatic Fraud Blocking, which can detect and allow you to block incoming suspicious calls.

    Samsung offers a “Smart Call” feature on its phones that can tell you if the call is suspicious and allows you to block the call. Go to “Caller ID and spam protection” in Call Settings, then turn on “Caller ID and spam protection.” Note that is not made available by all carriers.

    And Google offers caller ID & spam protection for Android. With this, you can stop spam calls from ringing on your phone. "You won't get missed call or voicemail notifications, but you'll still see filtered calls in your call history and be able to check any voicemail you receive," according to Google.

    There are third-party apps that you can try for free such as Nomorobo and RoboKiller. After the trial period, both ask for a small monthly fee, which typically starts at $0.99 or $1.99 per month. There’s also an app called Hiya that is free.

    The best advice is to try these services and see which one works for you.

    Kill all suspicious calls: the most effective method is to limit calls to your contact list. On the iPhone, this will stop all unwanted calls from ringing on your phone. The only calls that get through are people on your contact list. Other legitimate calls typically go to voicemail.

    On the iPhone, you go to Settings, then tap on “Do Not Disturb” then select “Allow Calls From” then “All Contacts.” This is deadly effective and may be a good option for people hounded by spam calls. For Android, you can do this with apps such as Calls Blacklist.

    Fox on Tech: Google Plus data breaches causing more headaches

    Google is in the gutter again with users and privacy advocates, in the same week the tech giant's C.E.O is defending the company to skeptical lawmakers on Capitol Hill.

    If you've never heard of Google Plus, you're not alone. The failed social media network had been scheduled to close down in August after failing to make a dent in Facebook's dominance. But now it's going to be shuttered even earlier than planned, due to a security bug leading to a massive leak of some 52 million users' private data. The information breach allowed outside developers to data mine private information about users, even if the account was set to private, including name, email and age, which is more than enough for an experienced thief to use for identity theft. The good news, according to Google: no financial information was released, and so far, the company hasn't seen any evidence that would indicate the information was used illegally. Of course they'll be keeping an eye on it as they wind down Google Plus operation.

    This is actually Google Plus's second major data breach. Back in October, the company said some 500,000 users' data was compromised, which led to the announcement at that time that Google Plus would be going offline in August. However, because of this new breach, the termination date is now being moved up to April.

    The revelation came on Monday, just a day before C.E.O. Sundar Pichai headed to Capitol Hill to face lawmakers for the first time. Most of the hearing focused on allegations of discrimination against conservatives online, but Pichai also spent a significant amount of time defending the company's record on privacy and data protection, telling members of the House Judiciary Committee that "protecting the privacy and security of our users has long been an essential part of our mission. We have invested an enormous amount of work over the years to bring choice, transparency and control to our users." It remains to be seen if Pichai's reassurances are enough to win over a skeptical public, wary of constant data breaches.

    Facebook ‘sorry’ for bug that may have exposed the photos of 6.8M users

    A Facebook software flaw may have exposed the photos of 6.8 million users to a much wider audience than intended, the social network confirmed Friday.

    “Our internal team discovered a photo API bug that may have affected people who used Facebook Login and granted permission to third-party apps to access their photos,” said Facebook’s Tomer Bar, in a blog post. “We have fixed the issue but, because of this bug, some third-party apps may have had access to a broader set of photos than usual for 12 days between September 13 to September 25, 2018.”

    Bar said the bug may have affected up to 1,500 apps built by 876 developers.


    “We're sorry this happened,” he added. “Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users.”

    News of the embarrassing software flaw comes just a day after Facebook opened a pop-up kiosk in Midtown Manhattan to teach users about privacy.

    It's not yet known whether anyone actually saw the photos, but the revelation of the now-fixed problem served as another reminder of just how much data Facebook has on its 2.27 billion users, as well as how frequently these slip-ups are recurring.


    Bryan Becker, an application security researcher at WhiteHat Security, said that Facebook should look at its internal procedures for handling code. “If we take Facebook at their word that the exposure only ran for 12 days, I think it’s best to assume this was caused by a bug in a code update (rather than, say, a poorly thought out security policy),” he said, in a statement emailed to Fox News. “Preventing bugs like this from making it to production takes an organized effort across the team. Secure code review, automated testing, and auditing are all needed to help defend against insecure code pushes.”

    The bug is the latest in a series of privacy lapses that continue to crop up, despite Facebook's repeated pledges to batten down its hatches and do a better job preventing unauthorized access to the pictures, thoughts and other personal information its users intend to share only with friends and family.

    Facebook and its leadership are coming under intense scrutiny at the moment amid ongoing concern about the tech giant’s handling of user data.

    The Associated Press contributed to this article.

    Follow James Rogers on Twitter @jamesjrogers

    Taylor Swift used facial recognition to thwart stalkers

    As one of the biggest pop stars in the world, Taylor Swift has amassed many stalkers. Just this fall, she reportedly received a restraining order against a man who had been sending her letters for two years, claiming he was her soul mate, and threading to rape and kill her.

    To prevent the musician from coming face to face with her stalkers, Swift's team employed a somewhat controversial solution during her May 18 Rose Bowl show: facial-recognition technology.

    According to Rolling Stone, a facial-recognition camera was hidden inside a kiosk playing clips of Swift from rehearsals. As fans approached the kiosk to watch, the camera would stealthily snap their photo. Those images were then compared to a database of Swift's known stalkers.

    "Despite the obvious privacy concerns—for starters, who owns those pictures of concertgoers and how long can they be kept on file?—the use of facial-recognition technology is on the rise at stadiums and arenas," the report notes.

    More From PCmag

  • Tumblr’s iOS App Returns to App Store as Porn Ban Looms
  • Find a Lime Scooter, Bike Inside Google Maps App
  • Amazon Patent Tips Doorbell Cams Linked to Photo Databases
  • Three Years Later, Google Chromecast Is Back on Amazon
  • Ticketmaster, for instance, recently invested in Austin, Texas-based facial recognition startup Blink Identity, which says its technology can identify 60 people a minute walking at full speed past a sensor, meaning paper and digital tickets may soon be a thing of the past. The same tech can be used throughout a venue to allow concertgoers to purchase drinks, snacks, and merchandise.

    Meanwhile, US Customs and Border Protection (CBP) in August started using new facial-recognition technology at 14 early adopter airports. Just days after it was implemented, the system helped identify an imposter who attempted to enter the US with someone else's passport. In the future, the technology may be used throughout the airport security and boarding processes, so travelers are identified via biometrics instead of their boarding pass and ID, CBP said.

    This article originally appeared on PCMag.com.

    Google slammed by New Zealand lawmaker after naming suspect in the murder of British backpacker

    Google has been by slammed by a New Zealand lawmaker after the tech giant reportedly published the name of the suspect in the murder of British backpacker Grace Millane.

    The 22-year-old British tourist was murdered earlier this month, according to police. She was staying at a backpacker hostel in Auckland when she went missing Dec. 1. Millane failed to contact her family on her birthday the following day, which alarmed them.

    A week later, police found Millane's body in a forested area not far from the side of the road in the Waitakere Ranges near Auckland.


    A 26-year-old man has been charged with Millane’s murder but has not been named.

    The BBC reports that the suspect in the case was granted a “temporary name suppression” while he awaits trial. However, the suspect was named in a mass email sent out earlier this week by Google, according to the New Zealand Herald. The email, which was viewed by the Herald, reportedly named the accused in its subject heading.

    The email was sent out to people signed up to receive information on “what’s trending in New Zealand.”

    New Zealand Justice Minister Andrew Little told the newspaper that publication of the suspect’s details in New Zealand is a breach of the court order. If the breach was linked back to Google infrastructure in New Zealand, the tech giant could be prosecuted, he said.


    Google told the Herald that its initial investigation shows that it did not know about the suppression order. The search giant would comply with any court order it was made aware of, it said.

    The spokesperson said that Google trends alerts are generated automatically by algorithms based on searches in specific geographies over a certain period of time.

    Police have declined to comment on reports that Millane met the man charged with her murder on Tinder.

    The Associated Press contributed to this article.

    Follow James Rogers on Twitter @jamesjrogers

    FCC effort to stop robotexts prompts censorship concerns

    The FCC says it's giving more authority to wireless carriers to stop spam over text messages. But critics claim the commission may empower carriers to block legitimate content.

    On Wednesday, the FCC voted 3-1 against an attempt to reclassify SMS and MMS (Multimedia Messaging Service) messages as "telecommunication services," which would've have subjected the messaging services to more regulations.

    The FCC instead decided to classify SMS and MMS messaging as "information services," so that wireless carriers can keep combatting spam and scam robotext messages without going through regulatory hurdles.

    "The FCC shouldn't make it easier for spammers and scammers to bombard consumers with unwanted texts," FCC Chairman Ajit Pai said in a statement in supporting the move.

    More From PCmag

  • Puma Revives RS-Computer Smart Sneaker From 1986
  • Save $149 on a 256GB iPad Pro
  • MediaTek’s Helio P90 Chip to Elevate Midrange Phones
  • Report: iPhone Suppliers Mull Leaving China Over US Tariffs
  • But not everyone believes today's vote was about stopping spam. According to FCC Commissioner Jessica Rosenworcel, a Democrat, it was actually about censorship.

    "Let's be honest, today's FCC decision offers consumers no new ability to stop robotexts," she said in a tweet. "It simply provides that carriers can block our text messages and censor the very content of the messages themselves."

    The request to reclassify SMS and MMS messages as telecommunication services came from a 2015 petition by Twilio, a cloud provider that helps companies send text messages. The petition was filed on complaints that wireless carriers were blocking text messages Twilio's clients had been exchanging with their customers.

    In 2007, free speech advocate Public Knowledge also petitioned the FCC over the risk of wireless carriers blocking legitimate text messages, but from activist groups. This occurred when Verizon was found blocking an attempt by an abortion rights group to send text message alerts to its supporters.

    Reclassifying SMS and MMS messages as telecommunication services would have made it illegal for wireless carriers to filter out legitimate text messages. But Wednesday's vote now opens the door for potential SMS text censorship, critics say.

    "No one should mistake today's action as an effort to help consumers limit spam and robotexts," said Public Knowledge SVP Harold Feld in a statement. "This decision does nothing to curb spam, and is not needed to curb spam. It is simply the latest example of Chairman Pai's radical agenda that puts companies ahead of consumers."

    Commissioner Rosenworcel said that prior FCC rulings have made it clear wireless carriers have the power to stop robotexts, without need for new regulatory authority. "But instead of using this common-sense approach, this agency does the opposite. We twist the law to reach the conclusion that you no longer have the final say on where your text messages go and what they say," she said in a statement.

    However, the FCC says today's vote will have no impact on the legitimate text messages consumers send and receive. Carriers have "every incentive" to deliver the SMS text consumers want in order to retain customer loyalty, the commission said in its ruling.

    "Consumers have a wealth of options for wireless messaging service," it added. "If wireless providers do no ensure that messages consumer wants are delivered, they risk losing those customers to other wireless providers or to over-the top applications."

    This article originally appeared on PCMag.com.

    How to stop Apple and Google from tracking you

    Apple and Google can track your every move. But there are ways to mitigate this or shut it down.

    The tracking and snooping that Apple and Google do isn’t necessarily a nefarious plot to spy on you. It can make apps more useful. For example, data used by Google Maps can be helpful in getting directions.

    That said, it’s not always clear how app providers harvest and use this data. There's no telling, for example, how a shopping or dating app may use your data.

    The New York Times reported this week that a variety of companies use location data when users enable location services.

    Set against this backdrop, users need to think about privacy. “Companies use IP addresses, advertising IDs, and cookies to track users and store details about their online behaviors, browsing history, searches, purchases, viewing habits, and more,” Paul Bischoff, privacy advocate at Comparitech.com, told Fox News.


    “The resulting ‘profiles’ sold to third parties might not have names attached, but they can be so specific as to only belong to a single person or small group of people,” he added.

    Generally, disable your phone's location services when not in use, Bischoff said.

    iPhone / iOS: turn off tracking

    In iOS go to “Settings” then select “Privacy” and turn off the “Location Services.” You can also turn off tracking for individual apps on the list that appears below Location Services. Apple, however, warns on its support page that these actions will "limit the performance of various Apple and third-party apps."

    Even if you don't turn off Location features, Apple will give you reminders about apps using location data in the background. For example, a screen may pop up and say, “’Weather’ has been using your location in the background. Do you want to continue allowing this?”


    And if you want to do something less drastic such as curb ad tracking, on the Privacy page under “Advertising” you can turn on “Limit Ad Tracking.”

    Google/Android: turn off tracking

    With Google, it can be a little more involved because Google is not only in charge of Android but its reach extends to the popular Chrome browser and to Google Search.

    On Android, go to the Settings icon on your phone and then tap “Security & location.” Then under “Privacy” tap "Location" then tap “Use Location” and turn that off.  Or below Use Location on “App-level permissions” you can turn off the location permissions for individual apps.

    But you may want to go a step further. Go to your Google My Account page and turn off “Location History.” Then, if you have more serious privacy concerns, you can opt to turn off “Web & App Activity.”


    “Remember that Google is a bit sneaky in this regard, as some apps collect location data even if your location history is disabled. You'll have to turn off all tracking of web and app activity, which may impact how other Google apps function,” Compareitech’s Bischoff said.

    And some more tips about app tracking from Marco DeMello, CEO of app security specialist PSafe.

    “When the product is free you are the product,” DeMello said, citing a widely-used axiom of the Internet. “Consider going for a premium or, at a minimum, an ads-free version of an app/game you're using or interested in. When you pay for services there's no incentive to sell your data,” DeMello said.

    “Keep your phone like you keep your house – clean. Don’t keep around apps and/or games you no longer need or use. [It will] reduce the chance of these apps and/or games capturing and profiting from your data,” DeMello added.

    Apple did not respond to a request for comment for comment on this story. Google provided pages (linked to above) that explain how to manage your location data on Android devices and in apps.

    Google CEO Sundar Pichai says tech giant is no haven for political bias

    Embattled Google CEO Sundar Pichai, amid allegations of anti-conservative bias and privacy violations on the platform, plans to tell the House Judiciary Committee on Tuesday that his company is no haven for political bias.

    "I lead this company without political bias and work to ensure that our products continue to operate that way," Pichai will tell the committee, according to a copy of his prepared remarks. "To do otherwise would go against our core principles and our business interests. We are a company that provides platforms for diverse perspectives and opinions—and we have no shortage of them among our own employees."

    “Some of our Googlers are former servicemen and women who have risked much in defense of our country," he added. "Some are civil libertarians who fiercely defend freedom of expression.”


    Google has been under close scrutiny amid allegations of anti-conservative bias, which it denies. The CEO met privately with GOP lawmakers on Capitol Hill in September to discuss the allegations and concerns about the firm’s re-entry into China and privacy issues.

    In his prepared testimony before the House Judiciary Committee Pichai also noted that Google supports federal privacy legislation.


    "We recognize the important role of governments, including this Committee, in setting rules for the development and use of technology," Pichai will tell the House panel. "To that end, we support federal privacy legislation and proposed a legislative framework for privacy earlier this year."

    The comments come as Google tries to manage the protection of personal information on its Plus service, prodding the company to accelerate its plans to shut down a little-used social network created to compete against Facebook.

    A privacy flaw that inadvertently exposed the names, email addresses, ages and other personal information of 52.5 million Google Plus users last month convinced Google to close the service in April instead of August, as previously announced. Google revealed the new closure date and its latest privacy lapse in a Monday blog post.


    It's the second time in two months that Google has disclosed the existence of a problem that enabled unauthorized access to Plus profiles. In October, the company acknowledged finding a privacy flaw affecting 500,000 Plus users that it waited more than six months to disclose.

    As such, the Google chief's appearance on Capitol Hill will be closely followed. For Pichai, Tuesday is a chance to set the record straight.

    The 46-year-old chief executive who formerly led Google's product side and oversaw the release of its popular web browser Chrome has maintained a low profile since taking over as the company's leader in October 2015. That stands in contrast to his predecessor, Eric Schmidt, who built relationships in Washington, D.C. on both sides of the aisle and forged a strong bond with the Obama administration.


    Pichai has enjoyed a meteoric rise since joining Google in 2004. The future tech leader grew up in a two-room apartment in Chennai, India, where he and his brother slept on the floor. His mother and father, a stenographer and engineer respectively, instilled an appreciation for education in Pichai from an early age.

    The CEO touched on his modest upbringing in his written testimony. "Growing up in India, I have distinct memories of when my family got its first phone and our first television. Each new technology made a profound difference in our lives," he explained. "Getting the phone meant that I could call ahead to the hospital to check that the blood results were in before I traveled 2 hours by bus to get them."

    Mr. Pichai “came to this country as an immigrant with no resources and rose to lead one of the most powerful and influential companies,” Rep. Ro Khanna, a Democrat whose district in California includes Google’s headquarters of Mountain View, recently told The Wall Street Journal.


    “Of course he’s not going to have a network in Washington,” he added. “He hasn’t played the political game. I think that’s refreshing.”

    Still, the Journal reported that within Google, Pichai has been trying to build better ties with Republican lawmakers and conservative groups. Pichai himself traveled to Tennessee early this year to attend a groundbreaking of a data center with GOP Sen. Bob Corker.

    Tuesday's hearing will test the limits of that outreach and touch upon a range of subjects roiling the company.


    Google's plan to create a censored search engine for China will also be firmly in the spotlight.

    Known within the tech giant as Dragonfly, the project prompted more than 740 employees to pen a letter calling for Pichai to halt the plan because it would "enable state surveillance." A number of employees have reportedly resigned over the project, which has also drawn bipartisan howls on Capitol Hill at a sensitive time for America's relationship with China, and Google has reportedly clamped down on internal leaks this year.

    "It is a coup for the Chinese government and Communist Party to force Google—the biggest search engine in the world—to comply with their onerous censorship requirements, and sets a worrying precedent for other companies seeking to do business in China without compromising their core values," a bipartisan group of senators said in an August letter to Pichai.

    At the same time, in the wake of Facebook's known security issues like Cambridge Analytica, Google will be questioned about why it took months for the company to publicly disclose the privacy flaw in its Google+ social network.


    Another topic that Republican lawmakers may mention involves a leaked video from an all-hands meeting after the 2016 presidential election that reportedly shows top executives lamenting President Trump's victory. To conservative critics, the video feeds the perception that Google is biased against them. Google has consistently denied any political bias.

    The company has also been criticized for moving too slowly, at times, to take down conspiracy-laden or terrorist content from YouTube.

    Although Democrats are unlikely to question the CEO about alleged bias, lawmakers may bring up the fact that Google's temps, vendors and contract workers are protesting the fact that they don't receive the same information and benefits as full-time employees.

    Fox News' James Rogers contributed to this article.

    Matt Richardson is an editor for Fox News. Follow him on Twitter @MRichardson713.